Authentication Services Group Policy (VGP) uses the output from "visudo -c" to determine the path / file that the sudo rules from GPO are written to.
If there are issues being reported by the systems "visudo -c" however this can in turn cause Authentication Services Group Policy (VGP) to fail to apply.
For example, this kind of error:
visudo: /etc/sudoers.d is owned by uid 0, should be 2
1) Work with your Sudo vendor to resolve the issues the issues causing visudo -c to fail.
2) Enhancement Request #198944 has been raised which will allow for specifying which sudoers file to use and eliminate Authentication Services current dependency on visudo -c.
At the time of this writing, June 29th, 2020, there is no ETA on when this will enhancement will be added to Authentication Services.